@auth doesn't filter on ID

matthewmcneely · August 23, 2022, 8:49pm

Looks like it was discussed here: @auth rules filtering on id allows access to any resourse

As a workaround: if you have another edge that serves as a UID in Consumer, you can write the rule to restrict on that edge. For instance:

type Consumer @auth(
    query: {
      rule: """
      query ($NAME: String!) {
        queryConsumer(filter: {name: {eq: $NAME}}) {
          id
        }
      }
      """
    }
  ) {
  id: ID!
  name: String! @search(by: [exact])
}

I’ll have a look to see where this issue is in the backlog.

Topic		Replies	Views
Auth Rule Not Working, Returning All My Users When Trying To Just Get Only One GraphQL kind:bug	9	732	October 25, 2021
@auth rules filtering on id allows access to any resourse GraphQL	2	641	September 20, 2021
Authentication for querying a specific list of ID's GraphQL	1	358	August 14, 2020
Allow users to only see themselves (@auth) GraphQL status:accepted , kind:bug , ticket:created	9	731	September 20, 2021
The `@auth` directive - Graphql Documentation	13	2543	December 12, 2020

@auth doesn't filter on ID

Related topics